Red Hat Bugzilla – Bug 38411
remote exploit in bugzilla <= 2.12 ?
Last modified: 2007-03-26 23:44:00 EDT
There are also a few other pending powertools bugzilla packaging issues, see reports.
by Tara Hernandez - Monday, April 30th 2001 10:18 EST
Bugzilla is the bugtracking system used by mozilla.org. It is written in Perl and uses MySQL for the database backend.
Changes: Many changes were made, but one of the most significant is that users can now specify what sorts of notification they wish to
on their preferences page.
===> This version also contains a security fix for several instances where untrusted content could be passed to a system call, allowing remote
users to run system commands with the privileges of the Web server. <===
All users not upgrading to 2.12 should apply the patch which fixes this as soon as possible.
License: Mozilla Public License (MPL) - Release focus: Major feature enhancements
We are spinning in a new bugzilla-2.12 rpm now. Please look for this in the next